Yeah, that’s just basically every unregistered UDP port… Not much you can do about it since Nintendo has struggled to understand the internet and its uses since the Famicom.
And no, for the love of God don’t enable uPnP. It’s still pretty much the worst thing you can do.
In normal operation a router or firewall running NAT will allow you to access the internet and receive traffic you requested and drop any unsolicited traffic originating from the internet.
If you were to access google, your PC will try to access google.com on port 443 with your PC being the source of port 5673 (any number between 1024 and 65000ish). Any traffic from Google to you will be permitted provided they are using the correct port pairings. If google then decides I am going to send you traffic on port 5677 your router/firewall will drop the traffic as it is unsolicited.
Now for the problem. Upnp allows a piece of software running somewhere in your house to register itself with your router and say “hey, if you see traffic destined for port 5555 from anywhere on the internet forward it to me, even if I didn’t start the conversation”. Considering how bad software is written this can give a threat actor a beachhead into your LAN to then vomit as much traffic back out as it wants, it could be a DDoS a mining not or just regular traffic sniffing.
While you’re opening most outbound UDP ports for just the switch, a uPnP vulnerability has the possibility of letting an attacker open ports, especially inbound registered ports (SSH, RDP, etc), for all devices.
If you do everything right (wifi client isolation, if your WAP has that option) opening the port for the switch is “essentially” as safe as it can be. The safest being Nintendo listing their public IPs but I think switch games use P2P which is why they don’t.