It can be done with VLANs, but I don’t recommend it.

Much better to put the router in the basement between the ONT and Switch 1, and an AP for WiFi in the office.

Router - directs traffic (aka “routes”) and enforces access rules between different devices on the local network, and (if it’s also a “gateway router”) between devices on the local network and the internet

Access Point (“AP”) - creates a WiFi “hotspot” that’s connected to the local network (and from there, through a gateway router to the internet usually).

Modem - converts and transmits network traffic between two different physical formats: e.g. between fiber optic and ethernet, between cable internet and ethernet, between DSL and ethernet, etc.

The device that you get from your internet provider often has all three functions built in. Confusingly, many people refer to it as just a “router” or “modem” which doesn’t accurately describe it.

I would disable the WiFi in the cable modem and add an AP, or better yet, buy your own modem, router and AP and return the cable company device (and stop paying the monthly rental fee).

Outdoor access point - wired back to the router - is the answer.

I would also use PoE to power the AP, either an access point that supports PoE directly, or with a PoE splitter.

Do you have line-of-sight between the houses?

Use a wireless bridge instead.

I have three buildings connected together, one link is an Engenius 5GHz wireless bridge, and the other is a Ubiquiti 60GHz wireless bridge.

Would the Netgear GS105Ev2 work for your needs?

Currently $40 on Amazon.

https://www.netgear.com/business/wired/switches/plus/gs105ev2/