I tried flashing the, windows only, firmware with the flashing program in a hirensbootcd vm on my own linux machine but it comes up with errors while trying to flash.

To remove the extra layer of complexity with the vm I am thinking to try using my mum's machine however she is very lazy about security. Is it risky?

I don't want to compromise my machine just to flash this device.

The device is a 4g dongle which does have some storage on it I think, not sure, not had a chance to examine as it is not working as I want it yet. I don't think it has any mass storage out the box, just the option to add a flash storage mini sd card.

There is some limited storage on the base device though as it stores some files to load drivers automatically in lieu of a driver disk. This is the part I want to flash though. So would any malware be able to get on their likely or not?

If she will give you access to the computer to flash a USB drive, why not ask her whether you can check her security settings, then check to see whether she has a firewall enabled and is running an anti-virus? You can certainly assure her that you will not change anything without asking her permission.

Rufus can make a live windows usb if you can boot it on her computer. I used to make WinPE CD's and may still have a few.

I found out about and used a linux alternative to rufus called Ventoy. A really nice feature is that it does not use up the whole drive and you simply copy and paste the iso/s you want to the non boot folder plus any other programs or files you want in there as they remaining storage is then free to use.

Recommended!

Well, usually not in windows. I have one usb made and use the extra space for ext4 area.