Abstract:
AFL-CGI-wrapper (ACW) is designed to detect vulnerabilities in desktop CGI programs; its core idea is to fuzz a CGI program by executing it in a QEMU environment. Applying ACW to embedded CGIs, however, raises two challenges: 1) the diversity of devices makes fuzzing with a fixed input model inefficient; 2) tracing only the main module of the CGI yields no coverage information to guide fuzzing toward code paths that depend on functions hosted in external modules. To overcome these two challenges, a lazy input model driven by feedback and selective tracing of external functions are presented and implemented in a prototype system named BCFuzzer. Finally, several experiments were conducted on a set of embedded CGIs from real-world devices. The results show that the techniques of BCFuzzer help to explore more code paths and to detect more vulnerabilities more quickly.