Hi
I have had a similar issue in the past which, apparently, was caused by the PS4 in the DMZ and resolved it by forwarding port 5353 to a high port 65535 on the Hub.
A year ago I enabled the superhub3 as modem only and used a Netgear router (first R7000 and then replaced currently with R8000) as my router due to the Hub port forwarding being not great when it came to an app I needed to use to remote control my PS4.
I was able to setup the R7000 with the same port forwarding rules of the hub and I believe I avoided triggering any MDNS vulnerability.
Since I replaced the R7000 with the R8000 I have been unable to forward port 5353 to a higher port as there is a conflict on that port and I have not been able to understand what is causing the conflict (I disabled uPnP but it made no difference).
I recently got an email from VM about MDNS vulernability with a date and my IP address and nothing else.
I suspect the culprit could still be the PS4 on the DMZ however I cannot be sure as so many things have changed in the last year in terms of my networking setup, program installed, etc.
I have emailed shadow server as I am hoping that they can identify the culprit but, from what I read in this forum, their reports can be tricky to read (assuming they will send me one).
So, as first action I removed the PS4 from the DMZ hoping it will stop any more emails from VM however, I do not want to just forward ports without understanding what has caused the vulnerability (although I suspect it is a device in the DMZ). Also, there is the added issue that I cannot port forward 5353 due to a conflict which I am unable to solve.
Any help would be appreciated.