@wertusew The issue here is that you have not sufficiently described your threat model (and we have not asked). The result is that we are answering all kinds of questions that you may or may not be interested in.
Against an attack to the hypervisor, it won't matter where you put the network device. Once the hypervisor (ie host) is compromised, it's game over. (Mitigating solution: physical isolation)
(As @Ego said,) against a DMA attack, it also won't matter where you put the modem. You will be vulnerable unless you use an OS (like Qubes) that enforces IOMMU isolation (given compatible hardware). (Mitigating solution: Qubes)
Against "traditional" arbitrary code execution exploits limited to the local OS / VM, it won't matter whether you put the device in the host or whonix-gateway. A compromise of either will be fatal to your anonymity. (Mitigating solution: use a separate VM for the network device)
If you use your Host OS for personal, non-anonymous activity (not-recommended), and you are worried about leakage through your anonymous network device, then it would make sense to put the device in a VM and not in your Host. (Mitigating solution: (best) use a dedicated host for whonix; (better) use VM for network device)
It is also true that re-wiring Whonix-Gateway is non-trivial and may be error-prone as well. Whonix-Gateway is hard-coded to use eth0, eth1. It is not designed to be a portable, plug-and-play OS. Additionally, Whonix-Gateway holds "the keys to the kingdom". If it's compromised, it's game-over.
So your best non-technical solution is to buy another machine for non-anonymous use and plug the modem into the anonymous host of your anonymous machine.
Given reasons above, Qubes is your best bet for ease-of-use and security.